IN-PERSON

UK & Ireland CISO Executive Summit

18 June 2019 | London Hilton on Park Lane

Collaborate with your peers

Get together with your peers to tackle top business challenges through peer-driven content and discussions at the UK & Ireland CISO Executive Summit.

Join your peers to discuss the most critical issues impacting CISOs today:

Strategies for a risk-aligned, resilient organization

Developing and investing in the security workforce of tomorrow

Creating business value and supporting agile business operations

UK & Ireland CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Governing Body Co-Chairs

Elaine Bucknor

Sky
Group CISO and Group Director Technology

Jared Carstensen

CRH plc
CISO

Bobby Ford

Unilever
Vice President, Global CISO

Matt Gordon-Smith

AngloAmerican
Head of Global IM Security | CISO

Simon Hodgkinson

BP International Limited
CISO

Paula Kershaw

HSBC
Regional CISO, Europe & UK

Ewa Pilat

Jaguar Land Rover
Global Chief Information Security Officer

Agenda


16 June 2019

18:30 - 21:00  Governing Body Welcome Reception

Governing Body members host this dinner for attendees to launch the event with an evening of peer networking. Join us at the Hilton Park Lane within the Wellington room, where attendees will enjoy dynamic discussions, fantastic wine and gourmet dishes whilst enjoying fantastic views of Hyde Park.

08:00 - 08:45  Registration & Breakfast

08:45 - 09:00  Opening Comments

09:00 - 09:40  Keynote

How To Become A Thoughtfully Ruthless CISO

Val Wright

Global Leadership & Innovation Expert, Author of Thoughtfully Ruthless

What is the greatest lesson Val Wright has learned from her research, writing, and speaking on the subject of innovation while working with executives from Starbucks, LinkedIn, Financial Times, and Google? Her experiences have shown that it’s not the economy, market conditions, or competition that’s holding your business back; the secret is locked inside how leaders ruthlessly (in a thoughtful way) manage their time, energy, and resources in parallel.

Join Val for an interactive session where you will:

  • Learn how to magically invent more time and create additional capacity
  • Avoid burnout by becoming sensibly selfish, protecting yourself and your team
  • Increase the probability that you will get promoted and deliver results by making the complex simple
  • Understand how to easily demonstrate your brilliance 

09:40 - 09:50  Networking Break

09:50 - 10:35  Breakout Session

The Future of Cyber Skills and Talent - The NCSC Perspective

Representatives From

The National Cyber Security Centre

By 2020, there will be 2.93 million roles vacant in security. In the midst of this cyber skills shortage, organisations can no longer stand by waiting for others to act.

During this session, you’ll:

  • Learn more about the CyberFirst programme introducing young people and adults to careers in security
  • Understand how the government and businesses can work together to engage the talent of the future

09:50 - 10:35  Breakout Session

The Evolution of Cybersecurity Risk Ratings

Jasson Casey

CTO

SecurityScorecard

Cyber risk ratings have steadily evolved over the last six years, shifting from scoring approaches using off the shelf vulnerability scanners to frameworks built with machine learning. Jasson Casey shares the evolution of developing scores – including initial ideas, setbacks and breakthroughs.

In this session, learn: 

  • The composition of a cyber security risk rating
  • How an enterprise IT team’s behaviour manifests itself to the outside world
  • How behaviour translates to cyber security risk for the business

09:50 - 10:35  Executive Boardroom

Identifying the Way Forward in IAM

Vijay Samtani

CISO

University of Cambridge

David Robinson

Head of Global IT Security

Herbert Smith Freehills

How are your peers balancing business agility and business security in their identity and access management strategy? Join this roundtable discussion to benchmark your framework and vet future plans, and learn the most innovative tactics security leaders are using for IAM at their organization, including:

  • Methodologies that satisfy users while maintaining adequate access controls
  • Communication techniques to streamline acceptance of IAM across the business
  • Roadmaps for deciding what technology is the best fit

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Luis Arango.

09:50 - 10:35  Executive Boardroom

Securing Agile Transformation

George Mudie

CISO

ASOS.com

Lachlan George

Group CISO

Nando's

Justin Coker

Vice President, Europe, Middle East and Africa

Skybox Security

The business world is constantly being disrupted. New technologies are created to make services faster, more efficient and more convenient. As a result, many organisations are mandating aggressive ‘Digital Transformation’ and ‘Cloud First’ strategies from the boardroom. To stay on top, they need to evolve and innovate and do this quickly.

However, organisations need to be very careful with how this affects their security and risk posture. 

This session aims to discuss how: 

  • Organisations maintain digital resilience during transformation 
  • The CISO’s function can enable organisations to pivot quickly, innovate and take calculated risks
  • To ensure people, processes and technology are aligned and underpinned by a common strategy, with big-picture visibility and assurance of the risk to their technology mix


Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Luis Arango.

10:35 - 10:50  Networking Break

10:50 - 11:49  Peer-to-Peer Meetings

This is your opportunity to pre-book private face-to-face meetings with executive peers attending the Summit, using a private online portal running up to and during the event. Gain real, practical insights into what other companies and industries are doing, to take back to your boardroom.


Please note: This is for CISO attendees only. 

11:50 - 12:35  Breakout Session

Do's and Don’ts of Building a Hybrid SOC

Matt Gordon-Smith

Head of Global IM Security | CISO

AngloAmerican

As the threat of security breaches continues to rise, creating an adequate hybrid SOC is no simple task. It requires the right tools, talent and skills in a single operations environment to stop attacks early.

Join this session to learn how to:

  • Partner with third party providers and balance roles and responsibilities with in-house teams
  • Launch end-point detection, SIEM and vulnerability management capabilities
  • Define and manage detection and remediation processes across multiple companies

11:50 - 12:35  Breakout Session

Moving Beyond the Perimeter

Richard Meeus

Director, Security Technology & Strategy

Akamai Technologies

Legacy, perimeter-centric security models have proven ineffective. They simply aren’t capable of safeguarding today’s mobile, agile, and hyperconnected workforce and business strategies. 

So how can executives maintain the integrity and defence of enterprise data, applications, users, and devices in today’s intensifying threat landscape? A zero-trust security model is necessary. Meeus will cover:

  • Why and how leadership teams must embrace a “verify but never trust” principle to preserve the health of their networks
  • How, by adopting a zero-trust security model, organisations can evolve and respond to both threats and business processes with confidence and agility

11:50 - 12:35  Executive Boardroom

Shaping a Resilient Security Posture in an Evolving Threat Landscape

Sam Smith

Head of Digital Risk & Security

Cadent Gas

Mark Patton

Vice President of Engineering

Malwarebytes

According to SANS Institute, only 47% of initial vectors of cyber-attacks are detected by antivirus tools. Security teams must assemble multiple security products to combat the gap in their security posture within the ‘new security perimeter’. Should there be a breach, teams often have limited capabilities to respond, restricting overall organisational resilience to such an attack.

Join this session to discuss:

  • What is security resilience?
  • Is resilience a better measure for security posture when breaches are inevitable?
  • How to overcome performance and productivity limitations during an attack

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Luis Arango.

11:50 - 12:35  Executive Boardroom

Building World Class Security Teams

Louis Botha

Global Director of Information Security and Data Protection

PageGroup

Stuart Robertson

CISO

Standard Life Assurance (Phoenix Group)

Talent needs are like security threats—plentiful, complex and ever evolving. This can make it tough to predict talent demands and know when (and how) to reskill existing talent. Bring your greatest talent challenges to discuss with your peers in this roundtable discussion on ways to: 

  • Identify and plan for future hiring needs
  • Reskill talent to evolve with the security landscape
  • Hire the right people

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Luis Arango.

12:35 - 13:25  Networking Break

13:25 - 14:00  Keynote

Defence in Diversification and the Proactive SOC

Raja Mukerji

President & Co-Founder

ExtraHop

The rush to innovate has resulted in more sophisticated threat defences, but it has also created a complex web of tools that must be managed by an already overworked and understaffed security team. Heterogeneity of defence systems is itself a defence, so modern security teams need to approach consolidation differently. 

In this session, attendees will learn how:

  • Data-first approaches to security architectures illuminate natural consolidation points
  • Cross-collaboration within the IT organisation improves security posture and reduces tool sprawl
  • Leveraging other parts of the organisation improves security posture through smarter processes and practices

14:00 - 14:15  Networking Break

14:15 - 15:00  Breakout Session

Prepare for a Major Cyber Attack

Ewa Pilat

Global Chief Information Security Officer

Jaguar Land Rover

Luke Fairless

Technology Director | Security and Capability

Tesco Plc

Most CISOs feel comfortable managing minor security incidents with standardised processes, but what about major incidents that shake the very foundations of your organisation, like the NotPetya attack? Such crises can be career changing.

Join this workshop to:

  • Learn the basic building blocks of effective cybersecurity crisis response
  • Share challenges and best practices in managing major security events
  • Benchmark against your peers and identify lessons learned


Attendees must register for this session. Seating is limited to 50 people and priority is given to C-level attendees. 

14:15 - 15:00  Breakout Session

Protecting Your Organisation’s Very Attacked People

Ryan Kalember

EVP, Cybersecurity Strategy

Proofpoint

Attackers know it’s much easier to find someone who will click than to find a working exploit for a modern OS or browser. However, most organisations have very little idea which of their people receive sophisticated threats, targeted threats, or large volumes of threats. We call these targets VAPs (Very Attacked People).

This session will focus on:

  • How to identify who the Very Attacked People are within your organisation (probably not your VIPs)
  • Why and how VAPs are targeted
  • Meaningful steps a security leader can take to protect their VAPs

14:15 - 15:00  Executive Boardroom

Managing the Convergence of Global Data Regulations

Miller Newton

President and CEO

PKWARE, Inc.

Elaine Bucknor

Group CISO and Group Director Technology

Sky

Paul Watts

CISO

Domino's Pizza

Information security leaders navigate an increasingly complex matrix of national and foreign data privacy regulations. GDPR caused organisations to scramble to meet data protection directives and reassess risk management through new compliance reporting requirements and potential exposure to financial penalties. Now California has its own Privacy Act set to come into effect, and it’s one of potentially many different pieces of forthcoming regulation and policy. How can organisations create a unified data protection and compliance strategy that meets conflicting requirements?

In this session, discuss:

  • The current landscape of data privacy regulation around the world
  • Best practices for managing risk associated with data protection frameworks
  • Standards and metrics for measuring data protection risk
  • Data classification strategies to aid compliance, regardless of regulation

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Luis Arango.

14:15 - 15:00  Executive Boardroom

The Future of the CISO Role

Simon Tong

Cyber Security Governance Manager

Schlumberger

Simon Hodgkinson

CISO

BP International Limited

Barmak Meftah

President, AT&T Cybersecurity

AT&T

The role of the CISO has changed dramatically over the past decade from an IT-focused role to more business oriented. What will the role look like a decade from now? What are the qualities that are key for the next-generation security leader? This interactive session gives you the chance to discuss:

  • What the future holds for CISOs in an evolving threat landscape
  • How to effectively partner with the business
  • What comes after being a CISO

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Luis Arango.

15:00 - 15:30  Networking Break

15:30 - 16:15  Breakout Session

Security Awareness — Emotionally Engage Your Employees

Matt Broomhall

CISO

Lloyd's of London

You are only as strong as your weakest link. To ensure your organisation has the strongest defence against cyber crime and protects customer data, information security needs to be part of every employee's life. 

In this session, you'll hear about: 

  • How to establish the principle of business accountability for information security 
  • Golden rules of emotionally engaging security training and measuring effectiveness 
  • Benefits of gamification that encourage secure behaviours

15:30 - 16:15  Breakout Session

Security Transformation & What's Next – A Nationwide Case Study

David Calder

CEO

Adarma

Matthew Rowe

CISO

Nationwide Building Society

Matthew Rowe, CISO, Nationwide Building Society, and David Calder, CEO, Adarma, present a partnership approach to Security Operations Centre effectiveness.

This session will include:

  • Things to consider when investing in new security controls
  • Nationwide end user case study - the journey to building an effective Security Operations Centre
  • Future plans and working towards maximising SOC effectiveness

15:30 - 16:15  Executive Boardroom

The Continual Shifting of Threats

Alison Dyer

CISO

URENCO Limited

Simon Lambe

Group Head of Information Security

Royal Mail Group

Ofer Israeli

CEO

Illusive Networks

Whether it’s cybercriminals motivated by profit or nation-state attackers with geopolitical motives, public and private organizations of all sizes have felt the impact of cyberattacks. Enterprise organizations are reeling from the onslaught of massively spread ransomware attacks to surgical pinpointed attacks on their assets from sophisticated state-sponsored actors. How can CISOs best face changing threat vectors?

Join this roundtable conversation to discuss:

  • The current threat landscape
  • How to best discover and thwart nation-state attacks
  • What security executives can do to build resiliency

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Luis Arango.

16:15 - 16:30  Networking Break

16:30 - 16:55  Keynote

How to Create a Culture of Security on a Global Scale

Jared Carstensen

CISO

CRH plc

Whilst most organisations today successfully communicate their security plans, policies and procedures, many are not having ongoing, active discussions about information security with their entire workforce to develop a culture of security. It’s vital the business moves away from seeing security as the ‘people who say no’ and towards how security teams can help solve complex business problems.

In this TED-style talk Carstensen will share CRH’s journey to creating a secure culture for its global workforce, including how to:

  • Ingrain security into your organisation’s DNA to drastically improve security practices
  • Develop an effective security agenda adaptable for different countries, cultures and languages
  • Get buy-in from the board to drive the security culture from the top down

16:55 - 17:10  Closing Reception & Prize Drawing

17:10 - 18:00  Closing Comments

Location


Venue & Accommodation

London Hilton on Park Lane

Community Programme Managers


For inquiries related to this community, please reach out to your dedicated contacts.

Laura Morris

Client Services Partner

+44 (0)7701 376839

laura.morris@gartner.com

Luis Arango Abello

Programme Manager

+44 (0)1784 267 880

luis.arangoabello@gartner.com

Ryan Greig

Brand Director

+44 (0)1784 268 771

ryan.greig@gartner.com